mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
patched the XSS scanner, should work better now
This commit is contained in:
parent
4ba8a8a0f4
commit
166e918223
4 changed files with 41 additions and 42 deletions
|
|
@ -10,7 +10,8 @@ from lib.settings import (
|
|||
set_color,
|
||||
DEFAULT_USER_AGENT,
|
||||
proxy_string_to_dict,
|
||||
DBMS_ERRORS
|
||||
DBMS_ERRORS,
|
||||
create_tree,
|
||||
)
|
||||
|
||||
|
||||
|
|
@ -28,9 +29,12 @@ def create_urls(url, payload_list):
|
|||
return tf_name
|
||||
|
||||
|
||||
def find_xss_script(url, query=4):
|
||||
def find_xss_script(url, query=4, fragment=5):
|
||||
data = urlparse.urlparse(url)
|
||||
return data[query]
|
||||
if data[fragment] is not "" or None:
|
||||
return "{}{}".format(data[query], data[fragment])
|
||||
else:
|
||||
return data[query]
|
||||
|
||||
|
||||
def scan_xss(url, agent=None, proxy=None):
|
||||
|
|
@ -51,7 +55,7 @@ def scan_xss(url, agent=None, proxy=None):
|
|||
return False
|
||||
|
||||
|
||||
def main_xss(start_url, verbose=False, proxy=None, agent=DEFAULT_USER_AGENT, try_all=False):
|
||||
def main_xss(start_url, verbose=False, proxy=None, agent=None):
|
||||
find_xss_script(start_url)
|
||||
logger.info(set_color(
|
||||
"loading payloads..."
|
||||
|
|
@ -67,31 +71,30 @@ def main_xss(start_url, verbose=False, proxy=None, agent=DEFAULT_USER_AGENT, try
|
|||
filename = create_urls(start_url, payloads)
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"loaded URL's have been saved to '{}'...".format(filename)
|
||||
"loaded URL's have been saved to '{}'...".format(filename), level=10
|
||||
))
|
||||
logger.info(set_color(
|
||||
"testing for XSS vulnerabilities on host '{}'...".format(start_url)
|
||||
))
|
||||
logger.info(set_color(
|
||||
"adjusting user agent to '{}'...".format(agent)
|
||||
))
|
||||
if proxy is not None:
|
||||
logger.info(set_color(
|
||||
"using proxy '{}'...".format(proxy)
|
||||
))
|
||||
success = set()
|
||||
with open(filename) as urls:
|
||||
for url in urls:
|
||||
for url in urls.readlines():
|
||||
url = url.strip()
|
||||
result = scan_xss(url, proxy=proxy, agent=agent)
|
||||
payload = find_xss_script(url)
|
||||
logger.info(set_color(
|
||||
"trying payload '{}'...".format(payload)
|
||||
))
|
||||
if result:
|
||||
logger.info(set_color(
|
||||
"host '{}' appears to be vulnerable to XSS attacks using payload '{}'...".format(
|
||||
start_url, payload
|
||||
)
|
||||
))
|
||||
if not try_all:
|
||||
return
|
||||
success.add(url)
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"payload '{}' appears to be usable...".format(payload), level=10
|
||||
))
|
||||
elif result is "sqli":
|
||||
logger.error(set_color(
|
||||
"loaded URL '{}' threw a DBMS error and appears to be SQLi vulnerable, test for SQL injection".format(
|
||||
|
|
@ -104,4 +107,5 @@ def main_xss(start_url, verbose=False, proxy=None, agent=DEFAULT_USER_AGENT, try
|
|||
"host '{}' does not appear to be vulnerable to XSS attacks with payload '{}'...".format(
|
||||
start_url, payload
|
||||
), level=10
|
||||
))
|
||||
))
|
||||
create_tree(start_url, list(success))
|
||||
|
|
@ -22,7 +22,7 @@ except NameError:
|
|||
# clone link
|
||||
CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.0.18.7db8"
|
||||
VERSION = "1.0.18.7124"
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
# version string formatting
|
||||
|
|
@ -380,14 +380,4 @@ def create_tree(start, conns, down="|", over="-", sep="-" * 40):
|
|||
down, over, con
|
||||
)
|
||||
)
|
||||
print(sep)
|
||||
|
||||
|
||||
def add_https(url):
|
||||
"""
|
||||
add https:// to a url
|
||||
"""
|
||||
if "https://" in url:
|
||||
return url
|
||||
else:
|
||||
return "https://{}".format(url.split("://")[-1])
|
||||
print(sep)
|
||||
|
|
@ -18,7 +18,6 @@ from lib.settings import (
|
|||
URL_REGEX,
|
||||
shutdown,
|
||||
create_dir,
|
||||
add_https
|
||||
)
|
||||
|
||||
|
||||
|
|
@ -26,23 +25,30 @@ def bypass_ip_block(url, content_sep=("continue=", "Fid", "%")):
|
|||
"""
|
||||
bypass Google's IP blocking by extracting the true URL from the ban URL.
|
||||
"""
|
||||
|
||||
def __add_https(data):
|
||||
if "https://" in data:
|
||||
return data
|
||||
else:
|
||||
return "https://{}".format(url.split("://")[-1])
|
||||
|
||||
if isinstance(url, unicode):
|
||||
url = str(url)
|
||||
index_list = []
|
||||
index_list_2 = []
|
||||
content_list_start = []
|
||||
content_list_end = []
|
||||
if content_sep[0] in url:
|
||||
data_list = url.split(content_sep[0])
|
||||
url_to_use = data_list[1]
|
||||
else:
|
||||
url_to_use = url
|
||||
|
||||
for m in re.finditer(content_sep[1], url_to_use):
|
||||
index_list.append((m.start(), m.end()))
|
||||
splice_to_use = index_list[-1][-1]
|
||||
for match in re.finditer(content_sep[1], url_to_use):
|
||||
content_list_start.append((match.start(), match.end()))
|
||||
splice_to_use = content_list_start[-1][-1]
|
||||
|
||||
for m2 in re.finditer(content_sep[2], url[0:splice_to_use]):
|
||||
index_list_2.append((m2.start(), m2.end()))
|
||||
return add_https(url[0:index_list_2[-1][-1] - 1])
|
||||
for match in re.finditer(content_sep[2], url[0:splice_to_use]):
|
||||
content_list_end.append((match.start(), match.end()))
|
||||
return __add_https(url[0:content_list_end[-1][-1] - 1])
|
||||
|
||||
|
||||
def get_urls(query, url, verbose=False, warning=True, user_agent=None, proxy=None, **kwargs):
|
||||
|
|
@ -118,7 +124,8 @@ def get_urls(query, url, verbose=False, warning=True, user_agent=None, proxy=Non
|
|||
"obtaining URL from selenium..."
|
||||
))
|
||||
retval = browser.current_url
|
||||
if "http://ipv6.google.com" or "http://ipv4.google.com" in retval:
|
||||
ban_url_schema = ["http://ipv6.google.com", "http://ipv4.google.com"]
|
||||
if any(u in retval for u in ban_url_schema): # if you got IP banned
|
||||
logger.warning(set_color(
|
||||
"it appears that Google is attempting to block your IP address, attempting bypass...", level=30
|
||||
))
|
||||
|
|
|
|||
4
zeus.py
4
zeus.py
|
|
@ -93,8 +93,6 @@ if __name__ == "__main__":
|
|||
help="Show the arguments that nmap understands")
|
||||
attacks.add_option("-P", "--show-possibles", dest="showAllConnections", action="store_true",
|
||||
help="Show all connections made during the admin panel search")
|
||||
attacks.add_option("--run-all", dest="runAllXssPayloads", action="store_true",
|
||||
help="Run every loaded XSS payload")
|
||||
|
||||
# search engine options
|
||||
engines = optparse.OptionGroup(parser, "Search engine arguments",
|
||||
|
|
@ -363,7 +361,7 @@ if __name__ == "__main__":
|
|||
elif admin:
|
||||
main(url, show=opt.showAllConnections, verbose=verbose)
|
||||
elif xss:
|
||||
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, try_all=opt.runAllXssPayloads)
|
||||
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use)
|
||||
else:
|
||||
pass
|
||||
else:
|
||||
|
|
|
|||
Loading…
Reference in a new issue